Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Ransomware Protection Enhancements in OfficeScan 11.0 SP1 Critical Patch 6054

    • Updated:
    • 13 Mar 2020
    • Product/Version:
    • OfficeScan 11.0
    • OfficeScan 11.0
    • Platform:
    • N/A N/A

On May 30, 2016, Trend Micro released Critical Patch (CP) Build 6054 for OfficeScan 11.0 SP1, which includes several protection enhancements against ransomware.  Customers are strongly encouraged to apply this CP as soon as possible to take advantage of the new features and enhancements.

Please note:  the new build number for Servers is 6054, while the Agent Module is Build 6034.  For simplicity, the entire CP will be referred to as Build 6054 throughout the remainder of this article but may apply to both the server and agent modules.  For more details on the exact file changes, users may review the readme file linked at the end of the article.


Some of the key new enhancements in OfficeScan 11.0 SP1 CP Build 6054 include:

  • Improved Behavior Monitoring program inspection components which will help detect and block suspected compromised executable files commonly found in ransomware attacks.
  • Recommended best practice settings for ransomware protection will be enabled by default after application of the CP, including:

    • Enable Malware Behavior Blocking, with Known and potential threatsselected
    • Protect documents against unauthorized encryption or modification
    • Automatically back up files changed by suspicious programs*
    • Enable program inspection to detect and block compromised executable files (Server platforms excluded) *

      Best practice settings for ransomware protection

      Click image to enlarge.

    • Monitor newly encountered programs downloaded through HTTP or email applications (Server platforms excluded), with Prompt user before executing selected.

      Prompt user before executing

      Click image to enlarge.

      * Denotes new features added as part of CP Build 6054

In addition to the ransomware protection enhancements listed above, CP Build 6054 also addresses the recently disclosed OfficeScan Path Traversal vulnerability. More information on this vulnerability can be found in Knowledge Base Article 1114097.

OfficeScan 11.0 SP1 CP 6054 also introduces some new ransomware specific widgets that administrators may utilize to track relevant statistics:

  • Ransomware Detections Over Time
  • Ransomware Prevention Summary

Below is a sample of the new widgets:

New Ransomware Widgets

Click image to enlarge.

OfficeScan 11.0 SP1 CP Build 6054, as well as any prerequisite files (listed below) may be downloaded from Trend Micro’s Download Center

Alternatively, you may directly download the files from the following locations:



Customers applying OfficeScan 11.0 SP1 CP build 6054, must first apply the following in order before applying the latest CP.  All of these can be obtained from Trend Micro’s Download Center:

  • OfficeScan 11.0 GM (Build 1028)
  • OfficeScan 11.0 SP1 (Build 2995)
  • OfficeScan 11.0 SP1 CP Build 4150 or later

The CP 6054 installer may return an error messaging if any of the above components are not currently installed.  

Customers are encouraged to visit both our OfficeScan 11.0 SP1 Ransomware Protection Features KB article as well as our overall Ransomware Best Practices Configuration KB article for more information on Trend Micro’s recommendations on how to best deploy and configure Trend Micro solutions against the latest ransomware threats or contact Trend Micro Technical Support for further assistance.

Configure; Troubleshoot; Update; SPEC
Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.